Add version to replica prepare file, prevent installing to older version

5 files changed, 21 insertions, 7 deletions

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index d7baf9c05..41e1ef575 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -328,6 +328,10 @@ def main():
 
     config = ReplicaConfig()
     read_replica_info(dir, config)
+    root_logger.debug('Installing replica file with version %d (0 means no version in prepared file).' % config.version)
+    if config.version and config.version > version.NUM_VERSION:
+        root_logger.error('A replica file from a newer release (%d) cannot be installed on an older version (%d)' % (config.version, version.NUM_VERSION))
+        sys.exit(1)
     config.dirman_password = dirman_password
     try:
         host = get_host_name(options.no_host_dns)
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 357848826..d1ffe4e2e 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -207,6 +207,7 @@ def save_config(dir, realm_name, host_name,
     config.set("realm", "domain_name", domain_name)
     config.set("realm", "destination_host", dest_host)
     config.set("realm", "subject_base", str(subject_base))
+    config.set("realm", "version", str(version.NUM_VERSION))
     fd = open(dir + "/realm_info", "w")
     config.write(fd)
 
diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1
index 1a0f89a41..3f4459727 100644
--- a/install/tools/man/ipa-replica-install.1
+++ b/install/tools/man/ipa-replica-install.1
@@ -29,6 +29,8 @@ The replica_file is created using the ipa\-replica\-prepare utility.
 If the installation fails you may need to run ipa\-server\-install \-\-uninstall before running ipa\-replica\-install again.
 
 The installation will fail if the host you are installing the replica on exists as a host in IPA or an existing replication agreement exists (for example, from a previously failed installation).
+
+A replica should only be installed on the same or higher version of IPA on the remote system.
 .SH "OPTIONS"
 .SS "BASIC OPTIONS"
 .TP
diff --git a/install/tools/man/ipa-replica-prepare.1 b/install/tools/man/ipa-replica-prepare.1
index f30ed10c1..8e1e60a25 100644
--- a/install/tools/man/ipa-replica-prepare.1
+++ b/install/tools/man/ipa-replica-prepare.1
@@ -1,21 +1,21 @@
 .\" A man page for ipa-replica-prepare
 .\" Copyright (C) 2008 Red Hat, Inc.
-.\" 
+.\"
 .\" This program is free software; you can redistribute it and/or modify
 .\" it under the terms of the GNU General Public License as published by
 .\" the Free Software Foundation, either version 3 of the License, or
 .\" (at your option) any later version.
-.\" 
+.\"
 .\" This program is distributed in the hope that it will be useful, but
 .\" WITHOUT ANY WARRANTY; without even the implied warranty of
 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 .\" General Public License for more details.
-.\" 
+.\"
 .\" You should have received a copy of the GNU General Public License
 .\" along with this program.  If not, see <http://www.gnu.org/licenses/>.
-.\" 
+.\"
 .\" Author: Rob Crittenden <rcritten@redhat.com>
-.\" 
+.\"
 .TH "ipa-replica-prepare" "1" "Mar 14 2008" "FreeIPA" "FreeIPA Manual Pages"
 .SH "NAME"
 ipa\-replica\-prepare \- Create an IPA replica file
@@ -28,9 +28,11 @@ A replica can only be created on an IPA server installed with ipa\-server\-insta
 
 You must provide the fully\-qualified hostname of the machine you want to install the replica on and a host\-specific replica_file will be created. It is host\-specific because SSL server certificates are generated as part of the process and they are specific to a particular hostname.
 
-If IPA manages the DNS for your domain, you should either use the \fB\-\-ip-address\fR option or add the forward and reverse records manually using IPA plugins.
+If IPA manages the DNS for your domain, you should either use the \fB\-\-ip\-address\fR option or add the forward and reverse records manually using IPA plugins.
 
 Once the file has been created it will be named replica\-hostname. This file can then be moved across the network to the target machine and a new IPA replica setup by running ipa\-replica\-install replica\-hostname.
+
+A replica should only be installed on the same or higher version of IPA on the remote system.
 .SH "OPTIONS"
 .TP
 \fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 048706523..cd2becb17 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -30,7 +30,7 @@ import netaddr
 import time
 import tempfile
 import shutil
-from ConfigParser import SafeConfigParser
+from ConfigParser import SafeConfigParser, NoOptionError
 import traceback
 import textwrap
 
@@ -74,6 +74,7 @@ class ReplicaConfig:
         self.dir = ""
         self.subject_base = None
         self.setup_ca = False
+        self.version = 0
 
     subject_base = ipautil.dn_attribute_property('_subject_base')
 
@@ -522,6 +523,10 @@ def read_replica_info(dir, rconfig):
     rconfig.domain_name = config.get("realm", "domain_name")
     rconfig.host_name = config.get("realm", "destination_host")
     rconfig.subject_base = config.get("realm", "subject_base")
+    try:
+        rconfig.version = int(config.get("realm", "version"))
+    except NoOptionError:
+        pass
 
 def check_server_configuration():
     """